Direct support for lets encrypt #12501
Comments
Thank you @burner- Out of curiosity, many choose to terminate TLS at the LB though; is that not the case for you?
I can do it with an LB, but that is not the point. The point is to try to encourage devs to build a product that encourages users not to shoot themselves in the foot with security. At that point I just shut down that server and continued my holiday. I did not want to do a full security review of it during my holiday, which it clearly needs before it is safe to connect it back to the internet. I think I will return to this later, but clearly there is room for your dev team to do an internal review of best practices. I don't want to be mean or anything, but it is just a big surprise to find so many "student solutions" in the same product that is so popular and targeted to be enterprise.
I understand that there is always a little balancing of easy deployment vs. security. Anyway, most of the time it is also a balance where it is better that product deployment takes 10 min instead of 5 min if the user avoids 5 hours of manual hardening work with it.
What would you like to be added or enhanced?
The EMQX dashboard should have direct support for Let's Encrypt as the dashboard HTTPS connector and at the MQTT connectors.
Why is this needed?
Currently it is possible to configure the admin panel behind SSL, but it needs quite a lot of manual configuration. My first touch of the product gives me the feeling that security by default is not in the culture of this product's development. It is more like an add-on. Also, that default admin password gives the vibe that there is a lot of work to do in developing a proper security culture for this product's developers.
These days many modern software products that include web management also have just a one-click checkbox that enables Let's Encrypt for the management console and automatically takes care of getting certs and so on. That encourages the use of encryption whenever it is possible (when the service is on a public network).
Encryption and other basic security should be the default, not an add-on that needs hours of manual configuration and setup scripts.